On Wed, 2021-09-22 at 20:13 -0400, Warren Kumari wrote: > Oh, testing now gives a different / working result: > > $ curl -v https://www.deltamath.com --connect-to > deltamath.com:443:172.64.80.1 2>&1 | grep "HTTP/2 200" >
This one sends a Server Name Indication of www.deltamath.com (like with 'openssl s_client -connect 172.64.80.1:443 -servername deltapath.com'). > > > Yes, 172.64.80.1 is a CF address, but it was being returned for > > deltamath.com. > > Doing a GET / over TLS with the host set to deltamath.com was giving a 403 > > Forbidden: > > HTTP/1.1 403 Forbidden This one is reproducible by not sending an SNI (like with 'openssl s_client -connect 172.64.80.1:443'). As far as I can tell -right now-, the IP is entirely valid for the site, as long as the client sends the correct SNI and Host header (which web browsers do!). Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/ _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
